Open Redirect Vulnerability in Novell ZENworks Configuration Management
CVE-2013-1093

Currently unrated

Key Information:

Vendor: Novell
Status: Zenworks Configuration Management
Vendor: CVE Published:; 17 June 2013

Summary

An open redirect vulnerability exists in the fwdToURL function within the ZCC login page of Novell ZENworks Configuration Management, allowing remote attackers to exploit the directToPage parameter. This weakness enables unauthorized redirection of users to any external website, creating opportunities for phishing attacks and the potential for compromised user credentials. It is crucial for users running affected versions to update to the latest monthly patches to mitigate this risk.

References

http://www.novell.com/support/kb/doc.php?id=7012027

x_refsource_CONFIRM

http://www.novell.com/support/kb/doc.php?id=7012025

x_refsource_CONFIRM

http://www.novell.com/support/kb/doc.php?id=7012499

x_refsource_CONFIRM

Timeline

Vulnerability published
Jun 17, 2013
Vulnerability Reserved
Jan 11, 2013